Lucene search
1425 matches found

RedhatCVE (added 3 days ago)

CVE-2026-11769

A flaw was found in the Grafana Operator. This vulnerability allows a malicious user, who can create Dashboard or LibraryPanel resources for a Grafana instance, to exploit a path traversal issue within the jsonnet data templating language. This exploitation can lead to privilege escalation and...

CVSS 8.8 | AI score 5.7 | EPSS 0.00361 | Exploits 0 | References 4
EUVD (added 5 days ago)

EUVD-2026-36101

Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-supplied builder container...

CVSS 4.9 | AI score 5.8 | EPSS 0.00255 | Exploits 0 | References 5
OSV (added 2026/06/25 10:34 p.m.)

GO-2026-5708 Grafana: Users can generate Service Account tokens after permissions removal in github.com/grafana/grafana

Grafana: Users can generate Service Account tokens after permissions removal in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

CVSS 8.1 | AI score 5.9 | EPSS 0.00245 | Exploits 0 | References 4
OSV (added 2026/06/25 6:26 p.m.)

GO-2026-5072 Argo has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure in github.com/argoproj/argo-workflows

Argo has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure in github.com/argoproj/argo-workflows...

CVSS 8.1 | AI score 5.8 | EPSS 0.00424 | Exploits 2 | References 7
RedHat Linux (added 2026/06/25 5:36 p.m.)

keycloak: Keycloak: Privilege escalation due to oversized subject_token JWT

A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subject_token JSON Web Token (JWT) to the token endpoint. When the token exceeds a 4000-character limit, it is silently dropped, causing the system to fall back to client...

CVSS 8.8 | AI score 5.7 | EPSS 0.0032 | Exploits 0 | References 4
Cvelist (added 2026/06/23 1:26 p.m.)

CVE-2026-10609 Openshift/cluster-logging-operator: cluster logging operator creates and forwards serviceaccount tokens without verifying clf creator authorization

A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...

CVSS 6.8 | EPSS 0.00236 | Exploits 0 | References 2
ATTACKERKB (added 2026/06/23 1:26 p.m.)

CVE-2026-10609

A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...

CVSS 6.8 | AI score 5.8 | EPSS 0.00236 | Exploits 0 | References 3
CVE (added 2026/06/23 1:26 p.m.)

CVE-2026-10609

The vulnerability CVE-2026-10609 affects the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, enabling a delegated editor to exfiltrate...

CVSS 6.8 | AI score 5.8 | EPSS 0.00236 | Exploits 0 | References 2
RedhatCVE (added 2026/06/23 1:26 p.m.)

CVE-2026-10609

A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...

CVSS 6.8 | AI score 5.9 | EPSS 0.00236 | Exploits 0 | References 3
AstraLinux (added 2026/06/19 11:10 a.m.)

Astra Linux – Vulnerability in Mariadb 10.3

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected MariaDB installations. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

CVSS 7.8 | AI score 7.4 | EPSS 0.00615 | Exploits 0 | References 2
Snyk (added 2026/06/13 6:07 a.m.)

Credential Exposure

Overview Affected versions of this package are vulnerable to Credential Exposure in jsonnetfetcher.go that may expose the Kubernetes service account token of the Grafana Operator manager to users with sufficient privileges to create Dashboard or LibraryPanel resources. This token can be used to...

CVSS 8.8 | AI score 5.8 | EPSS 0.00361 | Exploits 0 | References 2
Snyk (added 2026/06/13 6:07 a.m.)

Credential Exposure

Overview Affected versions of this package are vulnerable to Credential Exposure in jsonnetfetcher.go that may expose the Kubernetes service account token of the Grafana Operator manager to users with sufficient privileges to create Dashboard or LibraryPanel resources. This token can be used to...

CVSS 8.8 | AI score 5.8 | EPSS 0.00361 | Exploits 0 | References 2
Cvelist (added 2026/06/13 4:17 a.m.)

CVE-2026-11769 Operator - Namespaced User Path Traversal

We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. Summary The Grafana Operator supports loading dashboards & library panels using the jsonnet data templatin...

CVSS 6.4 | EPSS 0.00361 | Exploits 0 | References 1
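The Grafana Operator entries above (CVE-2026-11769 and the two Snyk "Credential Exposure" hits) describe the same failure: a jsonnet import resolved without being confined to the directory the dashboard sources live in, so a user who can create Dashboard or LibraryPanel resources can read files the operator manager can read, the manager's own service account token among them. The program below is an added example, not the Grafana Operator's code or its fix, and the page does not say how the operator resolves imports; it shows the generic containment check an importer hook needs. The root directory, the file names, the ConfinedImporter type and the root-relative convention for importedFrom are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrEscapesRoot is returned for any import that would read outside the allowed root.
var ErrEscapesRoot = errors.New("import path escapes the allowed root")

// ResolveImport maps an import string found in a template onto a filesystem path under root.
// importerDir is the root-relative directory of the file doing the import, so relative imports
// resolve against it the way a template author expects. The check is lexical: clean the joined
// path, then ask whether it is still inside root. Absolute imports are refused outright rather
// than joined, because Join would silently turn "/etc/passwd" into "<root>/etc/passwd".
func ResolveImport(root, importerDir, importPath string) (string, error) {
	if filepath.IsAbs(importPath) {
		return "", fmt.Errorf("%w: absolute import %q", ErrEscapesRoot, importPath)
	}
	cleanRoot := filepath.Clean(root)
	candidate := filepath.Join(cleanRoot, importerDir, importPath) // Join also cleans ".." segments
	rel, err := filepath.Rel(cleanRoot, candidate)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q resolves to %q", ErrEscapesRoot, importPath, candidate)
	}
	return candidate, nil
}

// ConfinedImporter reads template imports only from files under Root. Its Import method takes
// the (importedFrom, importedPath) pair that template engines typically hand to an importer hook;
// the type itself is an assumption for this example.
type ConfinedImporter struct {
	Root string
}

// Import resolves importedPath relative to the directory of importedFrom (a root-relative file
// name) and returns the file contents, or ErrEscapesRoot if the resolution leaves Root.
func (c ConfinedImporter) Import(importedFrom, importedPath string) (string, error) {
	target, err := ResolveImport(c.Root, filepath.Dir(importedFrom), importedPath)
	if err != nil {
		return "", err
	}
	data, err := os.ReadFile(target)
	if err != nil {
		return "", err
	}
	return string(data), nil
}

func main() {
	// Constructed import strings of the kind a template author might write; only the first two
	// stay inside the root. The root and importer directory are assumed for the demonstration.
	root := "/srv/dashboards"
	for _, imp := range []string{
		"lib/util.libsonnet",
		"../shared/colors.libsonnet",
		"../../../var/run/secrets/kubernetes.io/serviceaccount/token",
		"/var/run/secrets/kubernetes.io/serviceaccount/token",
	} {
		target, err := ResolveImport(root, "team-a/sub", imp)
		if err != nil {
			fmt.Printf("REJECT %-62s %v\n", imp, err)
			continue
		}
		fmt.Printf("ACCEPT %-62s -> %s\n", imp, target)
	}
}
```

The check is lexical only. If untrusted users can also place files under the root (a git-synced dashboard directory, for instance), a symlink inside it can point anywhere, so resolve the candidate with filepath.EvalSymlinks and apply the same Rel test to the result before reading.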
EUVD (added 2026/06/13 12:34 a.m.)

EUVD-2026-36633

Allegra exportReport Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

CVSS 6.5 | AI score 6.5 | EPSS 0.01254 | Exploits 0 | References 3
NVD (added 2026/06/10 6:17 p.m.)

CVE-2026-50565

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission builder pods were created with ServiceAccountName: fission-builder and no AutomountServiceAccountToken: false, so the...

CVSS 4.9 | EPSS 0.00255 | Exploits 0 | References 3
NVD (added 2026/06/10 6:17 p.m.)

CVE-2026-50564

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs fo...

CVSS 9.9 | EPSS 0.00274 | Exploits 0 | References 3
NVD (added 2026/06/10 6:17 p.m.)

CVE-2026-46617

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, Fission runtime pods were created with ServiceAccountName: fission-fetcher, and the fission-fetcher ServiceAccount was granted...

CVSS 8.7 | EPSS 0.00276 | Exploits 0 | References 3
RedHat Linux (added 2026/06/10 5:38 p.m.)

keycloak: Keycloak: Privilege escalation due to oversized subject_token JWT

A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subject_token JSON Web Token (JWT) to the token endpoint. When the token exceeds a 4000-character limit, it is silently dropped, causing the system to fall back to client...

CVSS 8.8 | AI score 5.4 | EPSS 0.0032 | Exploits 0 | References 4
Cvelist (added 2026/06/10 5:28 p.m.)

CVE-2026-50565 Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-supplied builder container

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission builder pods were created with ServiceAccountName: fission-builder and no AutomountServiceAccountToken: false, so the...

CVSS 4.9 | EPSS 0.00255 | Exploits 0 | References 3
Vulnrichment (added 2026/06/10 5:28 p.m.)

CVE-2026-50565 Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-supplied builder container

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission builder pods were created with ServiceAccountName: fission-builder and no AutomountServiceAccountToken: false, so the...

CVSS 4.9 | AI score 5.4 | EPSS 0.00255 | Exploits 0 | References 3
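The Fission entries (CVE-2026-50565, CVE-2026-50564, CVE-2026-46617) and the Argo templateReferencing bypass (GO-2026-5072) share one shape: a pod spec, or a user-supplied fragment that gets merged into one, that names a ServiceAccount without automountServiceAccountToken: false, or that carries hostNetwork or privileged settings, so whoever controls the code running in the pod inherits rights the pod was never meant to have. The program below is an added example, not code from Fission, Argo or any other project on this page: it parses a pod-spec fragment into a hand-written, standard-library-only subset of the Kubernetes PodSpec and reports those settings, which is the gate an operator could apply to a user-supplied podSpec override before merging it, and a check it could run over the pods it generates itself. The sample specs, image references and ServiceAccount names are constructed for the example; the Kubernetes default that an unset automountServiceAccountToken means the token is mounted is real.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Hand-written subset of the Kubernetes PodSpec fields this audit needs, so the example builds
// with only the standard library (no k8s.io/api dependency).
type SecurityContext struct {
	Privileged *bool `json:"privileged,omitempty"`
}

type Container struct {
	Name            string           `json:"name"`
	Image           string           `json:"image"`
	SecurityContext *SecurityContext `json:"securityContext,omitempty"`
}

type PodSpec struct {
	ServiceAccountName           string      `json:"serviceAccountName,omitempty"`
	AutomountServiceAccountToken *bool       `json:"automountServiceAccountToken,omitempty"`
	HostNetwork                  bool        `json:"hostNetwork,omitempty"`
	HostPID                      bool        `json:"hostPID,omitempty"`
	Containers                   []Container `json:"containers"`
}

// AuditPodSpec returns one finding per setting that hands the code inside the pod more than the
// pod should have. The first check is the builder/fetcher pattern from the Fission entries: a
// named ServiceAccount whose token is mounted into a container running user-supplied code is
// readable by that code. Kubernetes mounts the token when automountServiceAccountToken is unset,
// so nil is treated as mounted.
func AuditPodSpec(spec PodSpec) []string {
	var findings []string
	if spec.ServiceAccountName != "" &&
		(spec.AutomountServiceAccountToken == nil || *spec.AutomountServiceAccountToken) {
		findings = append(findings, fmt.Sprintf(
			"serviceAccountName %q is set but automountServiceAccountToken is not false",
			spec.ServiceAccountName))
	}
	if spec.HostNetwork {
		findings = append(findings, "hostNetwork: true")
	}
	if spec.HostPID {
		findings = append(findings, "hostPID: true")
	}
	for _, c := range spec.Containers {
		if c.SecurityContext != nil && c.SecurityContext.Privileged != nil && *c.SecurityContext.Privileged {
			findings = append(findings, fmt.Sprintf("container %q runs privileged", c.Name))
		}
	}
	return findings
}

// AuditPodSpecJSON parses a raw pod spec, such as a podSpec field submitted through a CRD, and
// audits it before it would be merged into anything the operator creates.
func AuditPodSpecJSON(raw []byte) ([]string, error) {
	var spec PodSpec
	if err := json.Unmarshal(raw, &spec); err != nil {
		return nil, fmt.Errorf("invalid pod spec: %w", err)
	}
	return AuditPodSpec(spec), nil
}

// Constructed samples, not taken from any project's manifests. The first has the pre-fix shape
// the Fission advisory describes: a named ServiceAccount and no automountServiceAccountToken: false.
const vulnerableBuilderPod = `{
  "serviceAccountName": "fission-builder",
  "containers": [{"name": "builder", "image": "example.invalid/user-builder:latest"}]
}`

// The hardened form keeps the ServiceAccount but does not hand its token to the container.
const hardenedBuilderPod = `{
  "serviceAccountName": "fission-builder",
  "automountServiceAccountToken": false,
  "containers": [{"name": "builder", "image": "example.invalid/user-builder:latest"}]
}`

// A user-supplied fragment of the kind a podSpec override or template field might carry.
const userSuppliedFragment = `{
  "serviceAccountName": "cluster-admin-sa",
  "hostNetwork": true,
  "containers": [{"name": "fn", "image": "example.invalid/fn:1",
                  "securityContext": {"privileged": true}}]
}`

func main() {
	samples := []struct{ name, raw string }{
		{"vulnerable builder pod", vulnerableBuilderPod},
		{"hardened builder pod", hardenedBuilderPod},
		{"user-supplied fragment", userSuppliedFragment},
	}
	for _, s := range samples {
		findings, err := AuditPodSpecJSON([]byte(s.raw))
		if err != nil {
			fmt.Println(s.name+":", err)
			continue
		}
		fmt.Printf("%s: %d finding(s) %v\n", s.name, len(findings), findings)
	}
}
```

Rejecting a fragment with findings is the safe default for an operator that merges user input into pods it owns; an allowlist of the fields users may set, applied before the merge, is stricter still and closes the gap an audit based on known-dangerous fields leaves for the next field nobody thought of.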